I want to redirect all the HTTP request to https request on ELB. I have two EC2 instances. I am using nginx for the server. I have tried a rewriting the nginx conf files without any success. I would love some advice on it.
问题:
回答1:
AWS Application Load Balancers now support native HTTP to HTTPS redirect.
To enable this in the console, do the the following:
- Go to your Load Balancer in EC2 and tab "Listeners"
- Select "View/edit rules" on your HTTP listener
- Delete all rules except for the default one (bottom)
- Edit default rule: choose "Redirect to" as an action, leave everything as default and enter "443" as a port.
The same can be achieved by using the CLI as described here.
It is also possible to do this in Cloudformation, where you need to set up a Listener object like this:
HttpListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref LoadBalancer
Port: 80
Protocol: HTTP
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
StatusCode: HTTP_301
Port: 443
If you still use Classic Load Balancers, go with one of the NGINX configs described by the others.
回答2:
ELB sets X-Forwarded-Proto
header, you can use it to detect if original request was to HTTP and redirect to HTTPS then.
You can try this in your server
conf:
if ($http_x_forwarded_proto = 'http') {
return 301 https://yourdomain.com$request_uri;
}
Take a look at ELB docs.
回答3:
I had the same problem, in my situation HTTPS was handled entirely by ELB and I didn't know my source domain ahead of time so I ended up doing something like:
server {
listen 81;
return 301 https://$host$request_uri;
}
server {
listen 80;
# regular server rules ...
}
And then of course pointing the ELB 'https' to the instance port 80 and then the 'http' route to the instance port 81.
回答4:
The Amazon Elastic Load Balancer (ELB) supports a HTTP header called X-FORWARDED-PROTO. All the HTTPS requests going through the ELB will have the value of X-FORWARDED-PROTO equal to “HTTPS”. For the HTTP requests, you can force HTTPS by adding following simple rewrite rule. For me it works fine!
Apache
You can add following lines in your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
Or if you use vhost.conf for managing multiple domains in same EC2 web server then you can add following to the vhost.conf (add it to the domain you want to use https for it):
<VirtualHost *:80>
...
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
...
</VirtualHost>
IIS
Install IIS Url-Rewrite module, using the configuration GUI add these settings:
<rewrite xdt:Transform="Insert">
<rules>
<rule name="HTTPS rewrite behind ELB rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
</rule>
</rules>
</rewrite>
Read more here
回答5:
It may not be the solution you might be looking for, but another option could be to use AWS CloudFront in addition to ELB. CloudFront gives the option to redirect all incoming HTTP traffic to HTTPS.
回答6:
The htaccess solutions above caused ELB health check to fail. I had some trouble finding the solution until I discovered an article online in which someone had the same issues I had. His solution was to add this to the beginning of the htaccess file instead:
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
To allow this and other local requests over HTTP while redirecting external requests through the ELB to HTTPS, adjust the rewrite condition to match on http instead of a negative match on https.
Source: Redirecting HTTP to HTTPS with AWS and ELB
回答7:
I had strange problem with nginx and ELB configuration. My setup included 3 different services inside one nginx behind ELB. And I had mixed content issue: when your request to ELB is https, but inside ELB http only, and server create relative path to static using http, so browser fails with 'mixed content' issue. And I must create solution for both http/https work without any redirects.
Here is config located in nginx/conf.d/
folder:
# Required for http/https switching
map $http_x_forwarded_port $switch {
default off;
"80" off;
"443" on;
}
This means that we will have knowledge what real client protocol is. As you can see, we will have it in $switch
var.
And at this moment you use this in all location where you need it:
location ~ /softwareapi/index.php {
fastcgi_param HTTPS $switch;
.. other settings here ..
}
With HTTPS setting php application will automatically detect right protocol and carefully build relative path for preventing mixed content issue.
Best regards.
回答8:
Based on @Ulli's answer If you want to configure it using Terraform, here is an example >
resource "aws_alb_listener" "web" {
load_balancer_arn = "${aws_alb.web.arn}"
port = "80"
protocol = "HTTP"
default_action {
type = "redirect"
redirect {
port = "443"
protocol = "HTTPS"
status_code = "HTTP_301"
}
}
}
Source
回答9:
Create a file .ebextensions/00_forward_http_to_https.config
with the following content:
files:
/tmp/deployment/http_redirect.sh:
mode: "000755"
content: |
APP_URL=`/opt/elasticbeanstalk/bin/get-config environment --output yaml | grep -oP 'APP_URL: \K([^\s)\"](?!ttp:))+'`
sed -ie 's@$proxy_add_x_forwarded_for;@$proxy_add_x_forwarded_for;\n if ($http_x_forwarded_proto = 'http') { return 301 https://'"$APP_URL"'$request_uri; }@' /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
container_commands:
http_redirect:
command: "/tmp/deployment/http_redirect.sh"
Make sure to set the APP_URL environment variable from the AWS management console beforehand.